• Division D – Minimal Protection
• Division C – Discretionary Protection
− C1 – Discretionary Security Protection
• Identification and authentication
Separation of users and data
• Discretionary protection of resources
− C2 – Controlled Access Protection
More finely grained DAC
Individual accountability through login procedures
• Object reuse
• Protect audit trail
Resource isolation
Required System Documentation and user manuals.
• Division B – Mandatory Protection
− B1 – Labeled Protection
• Labels and mandatory access control
• Process isolation in system architecture
• Design specifications and verification
• Device labels
Informal statement of the security policy model
Data sensitivity labels
Mandatory Access Control (MAC) over select subjects and objects
Label exportation capabilities
All discovered flaws must be removed or otherwise mitigated
Design specifications and verification
− B2 – Structured Protection – Config Mgt*
• Device labels and subject sensitivity labels
• Trusted path
• Separation of operator and administrator functions*
• Covert channel analysis
Security policy model clearly defined and formally documented
DAC and MAC enforcement extended to all subjects and objects
Covert storage channels are analyzed for occurrence and bandwidth
Carefully structured into protection-critical and non-protection-critical elements
Design and implementation enable more comprehensive testing and review
Authentication mechanisms are strengthened
Trusted facility management is provided with administrator and operator segregation
Strict configuration management controls are imposed
− B3 – Security Domains
• Security administrator role defined*
• Trusted recovery*
• Monitor events and notify security personnel
Satisfies reference monitor requirements
Structured to exclude code not essential to security policy enforcement
Significant system engineering directed toward minimizing complexity
Security administrator role defined
Audit security-relevant events
Automated imminent intrusion detection, notification, and response
Trusted system recovery procedures
Covert timing channels are analyzed for occurrence and bandwidth
An example of such a system is the XTS-300, a precursor to the XTS-400
• Division A – Verified Protection (very few)
− A1 – Verified Design
• Formal methods of design and testing
Functionally identical to B3
Formal design and verification techniques including a formal top-level specification
Formal management and distribution procedures
Bell-LaPadula (MAC)       Biba (Integrity)          Clark-Wilson
NO WRITE DOWN             NO WRITE UP               Integrity
NO READ UP                NO READ DOWN              Separation of Duties
USER <= File to write     USER => File to write     App Authentication
                                                    1. Least Privilege
                                                    2. Separation of Duty
                                                    3. Rotation of duties

Database terms          Security triad
Column                  Confidentiality
Attribute               Integrity
Degree                  Availability
↑ CAD / CRT ↓           ↑ CIA / DAD ↓
Cardinality             Disclosure
Rows                    Alteration
Tuple                   Destruction
Concept                                  Formula
Exposure Factor (EF)                     % of loss caused by the threat
Single Loss Expectancy (SLE)             Asset Value x Exposure Factor (EF)
Annualized Rate of Occurrence (ARO)      Frequency of threat occurrence per year
Annualized Loss Expectancy (ALE)         Single Loss Expectancy (SLE) x Annualized Rate of Occurrence (ARO)
Mnemonic 1   Mnemonic 2   OSI            TCP/IP
Away         A            Application    Application
Pizza        Priest       Presentation
Sausage      Saw          Session
Take         Ten          Transport      Transport
Not          Nuns         Network        Internet
Do           Doing        Data Link      Network Interface
Please       Pushups      Physical
EAL 1 Functionally tested
EAL 2 Structurally tested
EAL 3 Methodically tested and checked
EAL 4 Methodically designed, tested, and reviewed
EAL 5 Semiformally designed and tested
EAL 6 Semiformally verified design and tested
EAL 7 Formally verified design and tested
EAL measures the level of assurance, i.e. how rigorously the product is shown to meet its stated security requirements
Protection Profiles – describe objectives, and the environmental, functional, and assurance level expectations
Target of Evaluation (TOE) – Product proposed to provide the needed security solution
Security Target – Written by vendor explaining mechanisms that meet security and assurance requirements
Evaluated Products List (EPL) – list of products that have completed evaluation
Threat Agent   Can Exploit A Vulnerability     Resulting in A Risk
Virus          Lack of antivirus software      Virus infection
Hacker         Services running on a server    Unauthorized access to information
Fire           Lack of fire extinguishers      System malfunction
CANONS
Protect society, the commonwealth, and the infrastructure
Act honorably, honestly, justly, responsibly, and legally
Provide diligent and competent service to principals
Advance and protect the profession